EXCLUSIVE - NY Fed first rejected cyber-heist transfers, then moved $81 million

| 04 Jun 2016

| OKP

Hours before the Federal Reserve Bank of New York approved four fraudulent requests to send $81 million from a Bangladesh Bank account to cyber thieves, the Fed branch blocked those same requests because they lacked information required to transfer money, according to two people with direct knowledge of the matter.

On the day of the theft in February, the New York Fed initially rejected 35 requests to transfer funds to various overseas accounts, a New York Fed official and a senior Bangladesh Bank official told Reuters. The Fed’s decision to later fulfill a handful of resubmitted requests raises questions about whether it missed red flags.

The New York arm of the U.S. central bank initially denied the transfer requests because they lacked proper formatting for the SWIFT messaging system, the network banks use for international financial transfers, the two officials said.

The Bangladesh Bank official said they lacked the names of correspondent banks, which typically receive wired funds. The Fed rejected the requests, which came from hackers who had broken into the SWIFT network through Bangladesh Bank systems.

Later in the day, however, the cyber thieves resubmitted those 35 requests. On the second try, the messages had the proper formatting, the New York Fed official said. The requests had been authenticated by SWIFT, the first line of defense against fraudulent wire transfers.

Despite the technical compliance, the New York Fed rejected 30 of the requests a second time. But the Fed did approve five requests – for a total of $101 million. Later, one of those five transfers - a $20 million request - was reversed because of a misspelling.

The New York Fed has said it blocked the 30 resubmitted requests because they were flagged for economic sanctions review. Only afterward were they deemed potentially

On the day of the theft in February, the New York Fed initially rejected 35 requests to transfer funds to various overseas accounts, a New York Fed official and a senior Bangladesh Bank official told Reuters. The Fed’s decision to later fulfill a handful of resubmitted requests raises questions about whether it missed red flags.

The New York arm of the U.S. central bank initially denied the transfer requests because they lacked proper formatting for the SWIFT messaging system, the network banks use for international financial transfers, the two officials said.

The Bangladesh Bank official said they lacked the names of correspondent banks, which typically receive wired funds. The Fed rejected the requests, which came from hackers who had broken into the SWIFT network through Bangladesh Bank systems.

Later in the day, however, the cyber thieves resubmitted those 35 requests. On the second try, the messages had the proper formatting, the New York Fed official said. The requests had been authenticated by SWIFT, the first line of defense against fraudulent wire transfers.

Despite the technical compliance, the New York Fed rejected 30 of the requests a second time. But the Fed did approve five requests – for a total of $101 million. Later, one of those five transfers - a $20 million request - was reversed because of a misspelling.

The New York Fed has said it blocked the 30 resubmitted requests because they were flagged for economic sanctions review. Only afterward were they deemed potentially